Privacy Policy
1. Introduction
At GridWander (“we,” “our,” “us”), we are committed to safeguarding the privacy and personal data of all users who interact with our website, gridwander.com (the “Website”). We recognize the importance of data protection and are dedicated to ensuring your information is handled in accordance with the highest standards of security and transparency. This Privacy Policy outlines our practices regarding the collection, use, disclosure, and protection of personal data and is designed to comply with applicable data protection laws, including the General Data Protection Regulation (EU 2016/679) (“GDPR”) and the California Consumer Privacy Act (“CCPA”).
2. Scope of Policy and Data Controller Role
This Privacy Policy applies to personal data collected through gridwander.com and related services, whether you are just browsing or using features such as account creation, purchasing products, or contacting support. For the purposes of applicable data protection law, GridWander acts as the data controller—responsible for determining the purposes and means of processing your personal data.
3. Categories of Data Processed
We may collect and process the following categories of personal data, either directly from you or automatically through your interaction with the Website:
a. Usage Data
This includes data about how you use the Website such as your IP address, browser type and version, geolocation data, access times, referring websites, session data, error logs, and interaction data (clicks, scrolls, etc.).
b. Account Data
When you register or create an account, we may collect your full name, email address, postal address, phone number, and login credentials.
c. Profile Data
We gather data linked to your user profile and preferences, including saved items, previous purchases, wishlists, areas of interest, the behavior within the Website, and survey responses.
d. Communication Data
This comprises records of your interactions with us via contact forms, support tickets, email correspondence, or live chat. It may include message content, date and time, and other contact history.
e. Technical Data
Collected automatically from your device, including operating system, device type, screen resolution, network information, and system configurations necessary for rendering content.
f. Transaction Data
This includes data related to the purchase and delivery of products and services such as billing address, shipping address, order history, payment method (last four digits), and transaction dates.
g. Preference Data
Preferences for marketing communications, language selection, product interests, and cookie consent choices are captured and stored to provide a tailored user experience.
4. Legal Bases for Processing
We rely on the following legal grounds to lawfully process your personal data:
– Consent: When you provide your explicit consent for certain processing activities (e.g., receiving marketing emails, setting non-essential cookies).
– Contractual Necessity: Where processing is necessary for the performance of a contract with you, such as fulfilling an order.
– Legal Obligation: To comply with applicable laws and regulations, including tax or consumer protection laws.
– Legitimate Interests: For uses that are necessary for our legitimate business interests, provided those interests do not override your fundamental rights and freedoms. These may include product development, fraud prevention, network security, and improving user experience.
5. Your Rights
If you are located in the European Economic Area (EEA), California, or other jurisdictions with similar data protection laws, you have specific rights regarding your personal data, including:
– Right of Access: To request access to the personal data we hold about you.
– Right to Rectification: To correct inaccurate or incomplete data.
– Right to Erasure: To request deletion of your data under certain circumstances.
– Right to Restrict Processing: To request limited use of your data when specific criteria apply.
– Right to Data Portability: To receive your data in a commonly used and machine-readable format.
If you wish to exercise any of these rights, please contact us using the contact information provided in Section 13.
Users in California also have the right under the CCPA to request disclosure of categories and specific pieces of personal information collected, as well as the right to opt-out of the sale (if any) of personal information.
6. Security Measures
We implement appropriate technical and organizational security measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction. These measures include but are not limited to:
– End-to-end data encryption for sensitive transmissions
– Access controls restricting internal access based on role and necessity
– Daily system backups and secure disaster recovery procedures
– Employee training on data protection and confidentiality
– Regular security assessments and audits
7. International Transfers
Your personal data may be processed in countries outside of your jurisdiction, including countries that may not provide the same level of data protection as your home country. Where such transfers occur, we ensure appropriate safeguards are in place—including Standard Contractual Clauses approved by the European Commission—for GDPR compliance, and mechanisms recognized under CCPA for users in California.
8. Data Retention
We retain personal data only as long as necessary for the purposes for which it was collected or to fulfill legal obligations. Specific data retention periods include:
– Usage and Technical Data: 12 months
– Account and Profile Data: Active duration of account + 3 years
– Communication Data: 2 years from the last contact
– Transaction and Payment Data: 7 years for financial compliance
– Marketing and Preference Data: Until withdrawal of consent or 2 years post last engagement
9. Cookie Policy
We use cookies and similar technologies to operate our Website efficiently and improve your browsing experience. Cookies may be categorized as follows:
– Essential Cookies: Required for core site functionality, such as login sessions and cart functionality.
– Functional Cookies: Enhance features by remembering user preferences.
– Analytics Cookies: Help us monitor site traffic, user behavior, and performance metrics through services like Google Analytics.
– Performance Cookies: Assist in delivering consistent and optimized experiences tailored to your device or browser.
10. Cookie Management and Compliance
Upon your first visit to gridwander.com, you will be prompted to manage your cookie preferences. You may modify these preferences at any time through your browser or our cookie settings interface. For users in the EU and California, cookie processing is governed by explicit consent mechanisms aligned with GDPR and CCPA compliance requirements.
11. Children’s Data
GridWander does not knowingly collect or solicit personal data from children under the age of 13. If we become aware that a child under 13 has provided us with personal data, we will promptly delete such information. Parents or guardians who believe their child has submitted personal data should contact us at [email protected].
12. Policy Updates and Notifications
We reserve the right to amend this Privacy Policy to reflect operational, legal, or regulatory changes. Updates will be posted on gridwander.com and, where required by law, we will notify you via prominent notice or email in advance of material changes.
13. Contact Us
If you have questions or concerns regarding this Privacy Policy or wish to exercise your data protection rights, please contact us at:
Email: [email protected]
We are committed to upholding your privacy rights and ensuring data practices aligned with regulatory requirements. If you have any privacy-related inquiries, please do not hesitate to reach out.